Tags Posts tagged with "computers"

computers

Those of you who have read Part I and Part II of this 3-part series on cybersecurity may be tempted never to turn your computer on again.
But take heart. While there are villains out there who seek to take control of your machine — and they may even be successful – you are not defenseless against hackers.

Home computer users can significantly reduce the chances of being hacked by taking several steps to protect their machine.
Home computer users can significantly reduce the chances of being hacked by taking several steps to protect their machine.

Part III:

Lisa Lancor, chairwoman of Southern’s Computer Science Department, says several steps can be taken to protect your machine. “Unfortunately, no single solution exists to protect your computer from all of the risks that are out there,” she says. “But securing your computer and your digital transactions should be thought about in layers.”

Here are her suggestions:

  • Layer 1: Operating System – Regardless of the operating system you use (e.g., Windows 7, Windows 8, Mac OS X, etc.), always apply updates when you are notified. Most, if not all updates, are released to patch one or more security vulnerabilities. On your Windows machine, set the updates to happen automatically. On your Mac, when you see your App Store icon indicating that you have new updates to apply, do so immediately.
  • Layer 2: Internet Browser – It is critical that your browser stay up-to-date. “Historically, vulnerabilities in your browser have been a goldmine for hackers,” Lancor says. “Some browsers automatically check for the most recent version and if you don’t have it installed, it redirects you to update your browser before it allows you to access the Internet.” You can usually check if you are updated by going to the “About” page of your browser.
  • Layer 3: Third Party Applications and Plugins – Third party applications are stand-alone programs that work with your system, but are written by someone other than your operating system provider. Third party plugins are software widgets that add a feature to an existing software application. Adobe FlashPlayer, Adobe Reader and Oracle’s Java are examples of third party software. Always update this software, but beware of fake update messages for these and all applications and operating systems. Never click on a link to apply an update. Instead, manually navigate to the corresponding site and apply the update directly from the site.
  • Layer 4: You – This may be the most important layer of security. Many attacks are designed only to have an effect if you are duped into running malware. “As someone who studies this area, I have on several occasions almost been fooled by some very clever and targeted phishing email attacks,” Lancor says. “There was the UPS tracking message that appeared to be sent from Amazon during the holidays and then the very clever looking faux-Facebook email that enticed me into checking out some comments that ‘friends’ wrote on my wall. The friends listed were actual Facebook friends – clearly an attack that was targeted just for me.” The best way to handle these types of attacks is to never click on links in your email – simply navigate to the site manually. In the event that you need to click on the link, always hover over the link in your email and make sure the domain matches the site you are going to visit. Also, update your antivirus software. “If you don’t update your antivirus engine and signature file, your system won’t be protected from the latest known malware  that is out there,” Lancor says.

“The key is to be smart when surfing the Internet and always think like a hacker so that you can protect yourself from having your machine taken over,” Lancor says.

Happy and safe surfing!

Note: Lisa was interviewed Tuesday on WTIC’s (1080 AM) “Mornings with Ray Dunaway” about some of the latest hacking incidents and what people can do to protect their computers.

In Part I of our 3-part series, Wise Words focused on the myth that hackers have no interest in the computers of everyday individuals who do not store sensitive information on them. As you may have read, nothing could be further from the truth. Hackers can use the storage or processing power of your computer for multiple nefarious functions, even if you keep only the most innocuous of information on your machine.

Today, we look at some other popular misconceptions.

Part II:

Myth: Using and updating antivirus software is enough to prevent my computer from becoming vulnerable to security incidents.

Reality: The use of antivirus software certainly is one step you can take to help protect your system. And it is helpful against known malware (malicious software), according to Lisa Lancor, chairwoman of Southern’s Computer Science Department. (Southern recently restructured its M.S. in computer science degree to focus on cybersecurity and software development.)

“Unfortunately, antivirus software does not protect you from malware that it does not know about,” Lancor says. “Malware that exploits a brand new vulnerability is referred to as a ‘zero-day attack’ because the security community has known about the vulnerability for zero days.”

Nobody wants to see the dreaded virus alert pop up on their screen.
Nobody wants to see the dreaded virus alert pop up on their screen. Keeping your antivirus software up-to-date is just one of several steps you should take to minimize the chances of your computer getting sick.

Fair enough. But what are the chances of being hit with a “zero-day attack?”

It’s not that rare, according to Lancor. “A recent report by McAfee Labs indicates that its researchers find and catalog close to 100,000 new samples of malware per day,” she says. “That equates to 69 new, zero-day malware samples per minute. Are you keeping up with antivirus updates every minute?”

Even more disturbing, malware developers can sell their code on the black market of the Internet, Lancor says. They can sell for tens of thousands, even hundreds of thousands of dollars. “Clearly, creating zero-day malware is big business for hackers these days.”

Myth: Mac users are safe from malware.

Reality: It is true that at one time, Mac users were relatively safe from malware, though there are always exceptions. But because the number of Mac users has increased significantly during the last decade, virus writers have set their sights on Apple, according to Lancor. Just recently, a malware called IceFog was discovered that attacks both Windows and Macs and provides a backdoor into your system. “It can accept instructions from a command-and-control infrastructure to have your system do whatever hackers want,” she says.
Lancor points to the FlashBack virus that infected more than 600,000 Macs and included them into one of the first significant Mac-based botnets. Apple has been continuously adding security features, including its own anti-malware applications, into its operating system. Mac users are advised to follow safe security practices, just like PC users.

Myth: As long as you don’t click on ridiculous email links from people you don’t know, you should be pretty safe.

Reality: These aren’t the spam attacks of your grandparents’ day…er, in your parents’ day…um, in your older siblings’ day. It’s not just the Nigerian banker who wants to deposit money into your banking account, or the Viagra link, or an announcement that you’ve won the lottery of a foreign country for which you never bought a ticket. “Hackers are fully aware of the security education and training that you have been receiving about not clicking on links in emails from people you don’t know or trust,” Lancor says.

She points out that “smart phishing attacks,” also known as “spear (very targeted) phishing attacks now come from people you do know, or from hackers acting as someone you do know. “Hackers go so far as to study the content of previous email exchanges that you have had with someone and then they mimic the language and styling in an attempt to let your guard down and click on a malicious link,” she says. “The malicious link will look legitimate and quite benign.” Examples might include “annual sales report” or “a properly formed UPS tracking number. “If you click on the link, it will take you to an exploit site that is set up to blast your browser and operating system with every vulnerability that it knows about in an attempt to gain access to your machine.

“And to make matters worse, while it used to be the case that you always needed to click on something to get infected, now there are drive-by-downloads that require you to do nothing. Just visit a website that is compromised and without you noticing, it will redirect you to a site that will fire everything it has at you (to take over your computer).”

Coming soon:

Part III — Protecting yourself against hackers, malware